CISSP · Question #250
Which of the following BEST represents the concept of least privilege?
The correct answer is A. Access to an object is denied unless access is specifically allowed.. According to the CISSP CBK Official Study Guide, the concept of least privilege means that users and processes should only have the minimum access required to perform their tasks, and no more. This reduces the risk of unauthorized or malicious actions, as well as the impact of po
Question
Which of the following BEST represents the concept of least privilege?
Options
- AAccess to an object is denied unless access is specifically allowed.
- BAccess to an object is only available to the owner.
- CAccess to an object is allowed unless it is protected by the information security policy.
- DAccess to an object is only allowed to authenticated users via an Access Control List (ACL).
How the community answered
(28 responses)- A93% (26)
- B4% (1)
- C4% (1)
Explanation
According to the CISSP CBK Official Study Guide, the concept of least privilege means that users and processes should only have the minimum access required to perform their tasks, and no more. This reduces the risk of unauthorized or malicious actions, as well as the impact of potential incidents. One way to implement the principle of least privilege is to use a default-deny policy, which means that access to an object is denied unless access is specifically allowed. This is also known as a whitelist approach, which only grants access to predefined and authorized entities. Access to an object is only available to the owner is not a good representation of the concept of least privilege, as it may prevent legitimate access by other authorized users or processes. Access to an object is allowed unless it is protected by the information security policy is not a good representation of the concept of least privilege, as it may allow unnecessary or excessive access by default. This is also known as a blacklist approach, which only denies access to predefined and unauthorized entities. Access to an object is only allowed to authenticated users via an Access Control List (ACL) is not a good representation of the concept of least privilege, as it may not consider the authorization and accountability aspects of access control. Authentication is the process of verifying the identity of a user or process, while authorization is the process of granting or denying access based on the identity and the access policy. An ACL is a mechanism that defines the permissions and restrictions for accessing an object, but it does not necessarily enforce the principle of least privilege.
Topics
Community Discussion
No community discussion yet for this question.